Birmingham hospital group creates patient portal with authentication from Entrust

Birmingham hospital group creates patient portal with authentication from Entrust

Authentication technology from Entrust has allowed the creation of and secure access to the new web-based patient portal from University Hospitals Birmingham.

Developed over a period of 18 months, University Hospitals Birmingham rolled out the myhealth@QEHB in March 2011 to select users, and it is set for a full roll-out at the end of July to more than 2,000 patients of the Queen Elizabeth Hospital in Birmingham (QEHB).

Speaking to SC Magazine, Jim Williams, application development manager at University Hospitals Birmingham, said that the plan was to create a site that patients, who are based all over the UK, can use to access their records from a clinical database. He said: “Before this we used a VPN solution to log into a secure environment to get hold of records, see all of the medication that they have been prescribed and lab results.

“For patients with long-term or terminal illnesses, this is the perfect solution. There is a raft of information here and they can enter their medication so that they can keep track of it and see when they were an in-patient.”

In terms of the security of the portal, Williams said that it is using ethical hackers to do penetration testing on it and code reviews. “We allow people to upload to the ‘my vault' section where they can share their information with the hospital if they choose, but a hacker could upload an executable file so we are doing work on this and testing as we go along with new sections,” he said.

Entrust will provide strong two-factor authentication for the portal's registration process via its IdentityGuard solution. Williams said that the two companies had worked together previously on another project, but here it was used for authenticating the user via randomly selected questions.

He said: “We can't give out hard tokens and there is the possibility of using soft tokens on a smartphone, so we looked at different ways and asked if this is the right way to do things. We want to make it as foolproof as possible.”

Mark Reeves, senior vice-president international at Entrust, said: “We're delighted to be involved in this project, to help preserve the integrity of patients' confidential information. It's crucial that Entrust can offer a solution that provides complete security, to mitigate the risk of unauthorised access and outsider intrusion. We look forward to working with University Hospitals Birmingham and Data Integration to progress this ground-breaking project.”

SC Media UK arms cyber-security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.